VDB
CVE-2022-28201
CVE-2022-28201
PUBLISHED
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
EPSS 0.07% · 20.9th percentile
Risk Scores
EPSS Score
0.07%
20.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 10.0, 11.0 |
| n/a | n/a | n/a |
| mediawiki | mediawiki | 1.37.0, 1.36.0, 0 |
Timeline
- Sep 19, 2022 CVE Published
- Sep 20, 2022 EPSS Score
- Nov 4, 2022 EPSS Score
- Dec 19, 2022 EPSS Score
- Feb 1, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 18, 2023 EPSS Score
- May 2, 2023 EPSS Score
- Jun 16, 2023 EPSS Score
- Jul 30, 2023 EPSS Score
- Sep 13, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
References
- https://phabricator.wikimedia.org/T297571 url
- https://blog.legoktm.com/2022/07/03/a-belated-writeup-of-cve-2022-28201-in-mediawiki.html url
- [debian-lts-announce] 20220922 [SECURITY] [DLA 3117-1] mediawiki security update mailing-list
- DSA-5246 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-28201 advisory